Stories
Slash Boxes
Comments

SoylentNews is people

Hackers Used 4 Zero-Days to Infect Windows and Android Devices

posted by Fnord666 on Saturday January 16 2021, @09:34AM   Printer-friendly
from the burned-a-lot-of-resources dept.

upstart writes in with an IRC submission:

Hackers used 4 zero-days to infect Windows and Android devices:

Google researchers have detailed a sophisticated hacking operation that exploited vulnerabilities in Chrome and Windows to install malware on Android and Windows devices.

Some of the exploits were zero-days, meaning they targeted vulnerabilities that at the time were unknown to Google, Microsoft, and most outside researchers (both companies have since patched the security flaws). The hackers delivered the exploits through watering-hole attacks, which compromise sites frequented by the targets of interest and lace the sites with code that installs malware on visitors' devices. The boobytrapped sites made use of two exploit servers, one for Windows users and the other for users of Android.

[...] In all, Project Zero published six installments detailing the exploits and post-exploit payloads the researchers found. Other parts outline a Chrome infinity bug, the Chrome exploits, the Android exploits, the post-Android exploitation payloads, and the Windows exploits.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Hackers Used 4 Zero-Days to Infect Windows and Android Devices | Log In/Create an Account | Top | 5 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Saturday January 16 2021, @10:00PM

    by Anonymous Coward on Saturday January 16 2021, @10:00PM (#1101266)

    And the two windows exploits are in the font engine. More MDC posts in 2021 than people surprised to hear of font engine bugs.